weird mailscanner clamd error

Naz Snidanko nsnidanko at harperpowerproducts.com
Wed Jan 5 14:47:00 GMT 2011 

MailScanner --lint was generating "found 2 viruses" instead of a proper
"found 1 virus". So I got fed up, scrapped clamd and went with clamav.
Clamav works as it should: --lint generates "found 1 virus" and no more
errors with .ZIP archives. This is a small site and speed should not be
a factor.

Tons of thanks,

Naz Snidanko
Desktop & Network Support
Harper Power Products Inc.
(p) 416 201- 7506
 nsnidanko at harperpowerproducts.com
 
-----Original Message-----
Date: Tue, 4 Jan 2011 14:45:51 -0500
From: "Rick Cooper" <rcooper at dwford.com>
Subject: RE: weird mailscanner clamd error
To: "'MailScanner discussion'" <mailscanner at lists.mailscanner.info>
Message-ID: <3AD1272E15D14A43BD27F7E3F3C17BD1 at SAHOMELT>
Content-Type: text/plain; charset="us-ascii"

Have you attempted to manually scan an example file with clamscan or
clamdscan? (preferably as the same user as would mailscanner).  Have you
tried sending with MailScanner running in debug mode? The error you are
seeing is coming from clamd, 

  _____  

From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Naz
Snidanko
Sent: Tuesday, January 04, 2011 10:07 AM
To: mailscanner at lists.mailscanner.info
Subject: Re: weird mailscanner clamd error



Glenn,

 

/tmp and incoming directories both have chmod 777. Also from my guess if
it
had something to do with permissions it would generate this error for
all
files, not just ZIP archives created by Winrar and Winzip programs. I
also
completely removed apparmor (even though it originally had rw
permissions
for clamd on incoming directory).

 

Is there a module within MailScanner that does .zip file extracting
before
it goes for a clamd scan?

Any help is much appreciated.

Thank you,

Naz Snidanko

Desktop & Network Support

Harper Power Products Inc.

(p) 416 201- 7506

 <mailto:nsnidanko at harperpowerproducts.com>
nsnidanko at harperpowerproducts.com

------------------------------

 

Message: 4

Date: Tue, 4 Jan 2011 11:40:03 +0100

From: Glenn Steen <glenn.steen at gmail.com>

Subject: Re: weird mailscanner clamd error

To: MailScanner discussion <mailscanner at lists.mailscanner.info>

Message-ID:

      <AANLkTikQ0EraC0imktQRZ-L-q2sqwqOE+503D-uSTMug at mail.gmail.com>

Content-Type: text/plain; charset=windows-1252

 

On 3 January 2011 21:34, Naz Snidanko
<nsnidanko at harperpowerproducts.com>
wrote:

> I have weird stuff happening. When we put any file into ZIP archive
created

> from Winzip or Winrar I get the following log in mail.log:

> 

> 

> 

> Jan  3 15:14:43 ares MailScanner[5103]: Virus and Content Scanning:
Starting

> 

> Jan  3 15:14:43 ares MailScanner[5103]: Clamd::ERROR:: Access denied.
ERROR

> :: ./66522203B7.AD6EB/zRicohdeviceUsersetup.doc

> 

> Jan  3 15:14:43 ares MailScanner[5103]: Virus Scanning: Clamd found 1

> infections

> 

> Jan  3 15:14:43 ares MailScanner[5103]: Virus Scanning: Found 1
viruses

> 

> Jan  3 15:14:43 ares MailScanner[5103]: Spam Checks: Starting

> 

> 

> 

> File delivered after passing mailscanner to final destination.

> 

> 

> 

> When I put the same file into ZIP archive using built-in Windows XP
engine

> it works flawlessly and no error log is generated. No error is
generated

> when same file is put within .rar archive either.

> 

> 

> 

> I've tried different files anything from jpeg to pdf and end up with
error

> described above.

> 

> 

> 

> Can someone point me in the right direct how to troubleshoot this
within

> mailscanner.

> 

> 

> 

> System:

> 

> 

> 

> Clamd 0.96.5

> 

> Ubuntu Server 10.04

> 

> MailScanner 4.82.3

> 

> Perl 5.10.1

> 

> 

Check that both postfix and clamav (or whatever the users/groups are

called) have relevant perms... Run As User/Group and 0660 perms in

MailScanner.conf, correct perms on your incoming directory (perhaps

/var/spool/MailScanner/incoming), Also check your clamd settings, of

course.

Perhaps the most crucial bit though... is to make sure that you have

sane permissions on /tmp, and that they can create files/directories

there as needed.

 

Cheers

-- 

-- Glenn

email: glenn < dot > steen < at > gmail < dot > com

work: glenn < dot > steen < at > ap1 < dot > se

 


-- 
This message has been scanned for viruses and 
dangerous content by  <http://www.mailscanner.info/> MailScanner, and is

believed to be clean. 

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.


-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110104
/c3d769b6/attachment-0001.html

------------------------------

More information about the MailScanner mailing list